Skip to content

Beating ad blockers: first-party Umami analytics through nginx

by
Beating ad blockers: first-party Umami analytics through nginx

We track visits with Umami — privacy-friendly, no cookies. But the hosted script lives on cloud.umami.is, which sits on every ad- and privacy-blocker’s list. Out of the box, a big chunk of visits simply never get counted.

Why it gets blocked

Blockers match on domain. cloud.umami.is is a known analytics host, so uBlock, Brave shields, and friends drop both the script and the tracking beacon before they ever fire.

Serve it first-party

The fix is to route everything through our own domain. An nginx location proxies the script and the collection endpoint, so the browser only ever talks to rootstest.de — nothing on a blocklist.

location = /u/script.js {
    proxy_pass https://cloud.umami.is/script.js;
}

location = /u/api/send {
    proxy_pass https://cloud.umami.is/api/send;
    proxy_set_header X-Forwarded-For $remote_addr;
}

The tracking tag then points at /u/script.js with data-host-url="/u", and Umami sends its beacon to our proxy instead of its own domain.

Keep the visitor’s IP

Proxying would normally hide every visitor behind the server’s IP, so we forward X-Forwarded-For. Umami still resolves the correct country and city.

Result

The script and beacon both travel through rootstest.de, so domain-based blockers don’t catch them — and geolocation still works.

Leave a Reply

Your email address will not be published. Required fields are marked *